If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hello Guest,Our records indicate that you have never posted to our site before! Why not make your first post today by saying hello to our community in our Introductions forum.

Please review the forums rules, start with your first post today and become an active part of petri.co.il forums now!

Is it possible? Permissions question.

8th June 2009, 17:08

Here at the company I am working for we are currently working towards the migration of our file storage. File storage is currently on an Novell Suse Linux platform and we are moving to a Windows Server 2008 environment. One of the main problems we are for seeing is the lack of users being able to change who can access there files. For example if Fred has a file and he wants Mary to be able to access this file, but nobody else he can change the properties of that file to enable Mary to have access. With this scenario it is currentliy working fine with Novell but I have yet to found away around it in Windows Server. A great deal of employees use this feature as well. Any ideas?
THANKS!

Probably you have to make a special permitions to a group of users, to permit users to change the access permitions to a folder. You can't give them admin status or else they can change everything. Probably someone with more experience or , that allready made something like that can help you.

Comment

With Windows, providing you grant a User or Security Group Full Control to a folder/file, they can change and add permisisons. If you make a User or Security Group an owner as well, they can also change permissions.

Comment

That's right. It's a common error for administrators to always grant Full Control when wanting to allow users to edit and delete documents. Best Practice is to use a Domain Local Group for the resource. e.g. A Domain Local security group appropriately named, e.g. DL_Finance_Full, Read or Modify as appropriate. The Domain Local group is granted the permisisons. You then create Global Groups and add the appropriate users to them and add those to the appropriate Domain Local group. This makes it convenient when assigning permissions. You only have to change the Groups a user is a member of. The DL groups never need to change.

Shares tend to be assigned 'Full Control' to everyone and then NTFS permissions lock it down. You can go further and use specfic groups as well but it gets more difficult to manage.

Use 'modify' NTFS permission to allow delete and edit etc and Full Control, if you want users to be able to take ownership and assign permissions.

Comment

That's right. It's a common error for administrators to always grant Full Control when wanting to allow users to edit and delete documents. Best Practice is to use a Domain Local Group for the resource. e.g. A Domain Local security group appropriately named, e.g. DL_Finance_Full, Read or Modify as appropriate. The Domain Local group is granted the permisisons. You then create Global Groups and add the appropriate users to them and add those to the appropriate Domain Local group. This makes it convenient when assigning permissions. You only have to change the Groups a user is a member of. The DL groups never need to change.

Shares tend to be assigned 'Full Control' to everyone and then NTFS permissions lock it down. You can go further and use specfic groups as well but it gets more difficult to manage.

Use 'modify' NTFS permission to allow delete and edit etc and Full Control, if you want users to be able to take ownership and assign permissions.

All great advice but i would change the share permissions to Authenticated Users with Full Control.